In our last blog, we explored the risk of receiving sensitive data unauthorized via email, the sharing sensitive information internally across departments, and the need for advanced data protection features within both on-premise email systems and Microsoft Office 365 (MO365) environments to mitigate these risks. However, it is not just the threat of unwanted or accidental sensitive data acquisition that organizations should be wary of when it comes to information security. Because Microsoft Office 365 has been rapidly adopted across so many sectors and organizations of all sizes, it has become a prime target for cybercriminals.
The National Cyber Security Centre (NCSC) has recently published an advisory report that explores the ways MO365 can be compromised by malicious parties, explaining how cybercriminals can use compromised MO365 accounts to obtain financial profit. It reports that attacks on business email, including MO365, cost businesses over $5.3 billion dollars in losses between